Only a partial course catalog is displayed. Please log in to see the complete catalog.


Resilient Courses (22):

Introduction to Resilient
NEW

Overview

This course is designed to provide an initial introduction to Resilient Incident Response Program. It will help you understand how Resilient can be integrated in your environment and provide the tools to get started.

Agenda

  1. Introduction to Resilient
  2. How Resilient Aligns to your Organization
  3. Installing & Administering Resilient
  4. Developing Playbooks
  5. Resources and Support

Setting up alternative authentication mechanisms in the IBM Resilient appliance

Overview

This course covers several alternative mechanisms for authenticating users in the IBM Resilient product, including LDAP, SAML and two-factor authentication.

Agenda

  1. LDAP authentication
  2. SAML authentication configuration
  3. Two-factor authentication

Duration: 22 minutes

Managing logs in the IBM Resilient appliance

Overview

This course demonstrates how to manage logs in the IBM Resilient appliance. This includes how to configure logging, audit logging and syslog.

Agenda

  • 1. Log configuration
  • 2. Configuring audit logs
  • 3. Configuring syslog

Duration: 8 minutes

Working with Resilient workspaces
NEW

Overview
This course teaches how the IBM Resilient product uses workspaces. The course covers key workspace concepts, how to create them and how to delete them.

Agenda
  1. Workspace key concepts
  2. Create workspace
  3. Delete workspace

Duration: 7 minutes
Course revision: 1.0

Working with Resilient roles
NEW

Overview
This course will show you how to understand roles in the IBM Resilient product. A role is a specific set of permissions, which you can assign to users and groups. The Roles tab allows you to define and manage roles. You can assign multiple roles to a user, which gives the user a superset of all the permissions in the roles.The course demonstrates how to create and delete roles, describes the difference between global and workspace roles, which roles are predefined and explains how Resilient uses role categories.

Agenda
  1. Global and workspace roles
  2. Role categories
  3. Predefined roles
  4. Creating roles
  5. Deleting roles

Duration: 9 minutes
Course revision: 1.0

Common Resilient use cases

Overview

This course covers 4 common scenarios that demonstration of how the Resilient Incident Response Platform can be used to

  • Automate the escalation and collection of data
  • Manage a ransomware attack
  • Deal with a data breach involving an inside actor
  • Accelerate your Response to Phishing Attacks

Managing users and groups in Resilient

Overview

This course covers aspects of managing users and groups in IBM Resilient such as creating users using the Resilient user-interface or by using terminal commands and how to reassign incidents and tasks to a different user.

Agenda

  1. Creating a user using using the UI
  2. Creating a user using terminal commands
  3. Reassigning incidents and tasks
  4. Enabling LDAP authentication
  5. Enabling LDAP users in groups and deleting LDAP users

Managing GDPR Data Breach Notification Requirements with the Resilient Incident Response Platform

The Resilient Incident Response Platform has been updated to incorporate the new data breach notification requirements of the EU General Data Protection Regulation (GDPR). This video demonstrates these enhancements by walking through how notifications would be handled during a ransomware attack at a hospital where personal data was exposed.

Resilient version 27 - Deactivate user / Reassign

In this video you will learn about the IBM Resilient v27 features including Deactivating users and Reassigning Incidents and Tasks. This video is intended for people interested in learning about the Resilient product.


Creating custom graphs in the Resilient application

Overview
This video shows examples of creating graphs of incidents over time on the Resilient Analytics dashboard, including

  • Graph incidents by severity
  • Graph time to close by severity
  • Average time to close by severity over time
  • Average time to close by type

The video closes by demonstrating some other examples of graphs:

  • The number of incidents created per month for each user
  • The number of incidents created per month per city
  • Top trend incident category in last 90 days
  • Open incident by severity in last 30 days
  • Top incident category in last 30 days
  • Incident by type in last 90 days

Resilient security

Overview

This course reviews key issues in managing security in IBM Resilient. Topics cover a broad range of issues such as how to defang a URL, change ciphers and protocols, how to work with keyvaults, keystores and secrets as well as how to encrypt and backup the keyvault password.

Agenda

    1. Defanging URLs
      • This video demonstrates how to "defang" your URLs in IBM Resilient to help assure users do not inadvertently click on malicious links.
    2. Changing Ciphers and Protocols in IBM Resilient
      • This video demonstrates how to change the ciphers and protocol in IBM Resilient. There is a review of which ciphers and protocols are used by default using the nmap application, followed by a demonstration of which files need to be edited in order to adjust the ciphers and protocols being used.
    3. Keyvaults, Keystores and Secrets
      • This video discusses keyvaults, keystores and secrets within IBM Resilient.
    4. Encrypting the keyvault password
      • This video describes how to encrypt a keyvault password in IBM Resilient. The keyvault password is stored as an unencrypted file by default but can be encrypted using gpg to protect it and decrypted whenever needed.
    5. Backing up the keyvault
      • The keyvault stores all passwords used within IBM Resilient. If the keyvault were lost, it would result in a considerable loss of data. For that reason, the Resilient platform runs a backup of keyvault files to the system database anytime passwords are added or removed and after each system upgrade. This video shows how to use the resutil keyvaultrestore command to restore keyvault files from the system database.


    Duration: 19 minutes


    Setting up Resilient disaster recovery

    This video demonstrates how to install and set up the Resilient Disaster Recovery system. The disaster recovery (DR) system involves installing and setting up DR on two appliance systems.

    Setup overview
    - Verify the prerequisites
    - Install and set up DR and optional packages on both appliances
    - Install the SSL certificates
    - Create Ansible vault files for each appliance
    - Create Ansible inventory files for each appliance

    Using Resilient disaster recovery health checks

    This video shows how to use the Resilient Disaster Recovery Health Monitoring. DR Health Monitoring involves setting and fine-tuning values in the group_vars/all file.

    Agenda

    • Introduction
    • Syslog configuration
    • Health monitoring settings

    Resilient version 27 - Delete Incident / Bulk Actions

    In this video you will learn about the IBM Resilient v27 features including Deleting Incidents and Bulk Actions. This video is intended for people interested in learning about the Resilient product.


    Running Resilient disaster recovery playbooks

    Overview

    This video shows how to use the Resilient Disaster Recovery system.

    • Enabling the Resilient DR system
    • Verify the DR is enabled correctly using the health monitoring
    • Enabling the receiver as the active Resilient appliance
    • Run a controlled swap of the master and receiver
    • Running a playbook to disable DR

    Initial configuration of the IBM Resilient appliance

    Overview
    This course contains 6 videos that cover various topics important to understand when installing and configuring the IBM Resilient Appliance.

    Agenda
    • Configuring SSL/TSL certificates
    • Importing the Resilient License Key
    • Updating the Resilient Appliance Software
    • Installing optional packages
    • Setting the time zoneSMTP Email configuration

    Resilient version 27 - Custom Sections / Flags

    In this video you will learn about the IBM Resilient v27 features including Custom Sections and Flags. This video is intended for people interested in learning about the Resilient product.


    Resilient version 27 - Artifact Relation

    In this video you will learn about the IBM Resilient v27 feature, Artifact Relation. This video is intended for people interested in learning about the Resilient product.


    Resilient version 27 - Dynamic Playbooks / Rules

    In this video you will learn about the IBM Resilient v27 features including Dynamic Playbooks and Rules. This video is intended for people interested in learning about the Resilient product.


    Configuring SMTP Notifications for IBM Resilient

    Overview:

    This course demonstrates how to configure SMTP notifications for IBM Resilient. Resilient sends email notifications to users for various purposes and Resilient must use an SMTP server to send these messages.

    Getting started with IBM Resilient

    Resilient Incident Response Platform is a central hub for incident responses that helps make incident response efficient and compliant. The platform is based on a knowledge base of incident response best practices, industry standard frameworks, and regulatory requirements.

    The Resilient platform implements incident responses through the use of dynamic playbooks. A dynamic playbook is the set of rules, conditions, business logic, workflows and tasks used to respond to an incident. The Resilient platform updates the response automatically as the incident progresses and is modified.
    In this course, you learn the Resilient basic concepts, platform architecture, and will review a demonstration of the installation process.

    Objectives

    • Learn the value of IBM Resilient
    • Review the introduction video to the IBM Resilient platform
    • Learn the IBM Resilient Platform architecture
    • Learn about necessary prerequisites
    • Review the installation process
    • Describe the value of dynamic playbooks

    Guardium and Resilient integration: Email Connector

    In this video, you will see how to set up IBM Guardium email alerts in an IBM Resilient incident response workflow using the Resilient Email Connector.